Inside GandCrab Ransomware

A special category of malware, ransomware, has become a popular tool for cyber-criminals to extort money. It prevents users from accessing their machines (computers, mobile phones and IoT devices) or the data on them until a ransom is paid. Every month, security experts report many new forms of ransomware attacks, termed ransomware families. One example of these families is the GandCrab ransomware, released at the end of January 2018. In this paper, we present an in-depth malware analysis of this ransomware, building on recent work and findings on ransomware detection and prevention.
